Authenticate using a certificate in the HTTP request. Typically used when PAS is in front of a reverse proxy handling the certificate extraction.


Name Description Default value Mandatory
pipeID Id of the pipe handling certificate validation N/A Yes
successURL Location of where to send user agent after successful authentication N/A Yes
includeQueryString On a successful authentication, should the data from the original query be added when redirecting the client false No

Example Configuration

    "alias": "cert",
    "name": "ClientCertificate",
    "configuration": {
        "successURL": "/config/",
        "pipeID": "validatecert"
    "id": "cert"


Client certificate must have been extracted before executing authentication